Attorney's Docket No.: 5577-223 



PATENT 



IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

In re: Bruton, et al. Confirmation No.: 2267 

Serial No.: 09/773,81 1 Group Art Unit: 2152 

Filed: January 31, 2001 Examiner: Truong, Lan Dai T 

For: METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR 

SELECTIVELY ALLOWING USERS OF A MULTI-USER SYSTEM ACCESS 

TO NETWORK RESOURCES 

Date: November 21, 2007 



CERTIFICATION OF TRANSMISSION 

I hereby certify that this correspondence is being transmitted via the Office 
electronic filing system in accordance with § 1 6(a)(4) to the U.S. Patent 
and Trademark Office on November 21, 2007. 

Michele P. McMahan 



APPELLANTS" REPLY BRIEF UNDER 37 C.F.R. § 41.41 

Sir: 

This Reply Brief is filed in response to the Examiner's Answer mailed October 15, 2007. 
It is not believed that an extension of time and/or additional fee(s) are required, beyond those that 
may otherwise be provided for in documents accompanying this paper. In the event, however, 
that an extension of time is necessary to allow consideration of this paper, such an extension is 
hereby petitioned under 37 C.F.R. § 1 . 1 36(a). Any additional fees believed to be due may be 
charged to Deposit Account No. 09-0461. 

Comments on the Claim Rejections in the Examiner's Answer 

The grounds for rejection for the pending claims are set forth at pages 3-14 of the 
Examiner's Answer. Appellants note, however, that various of these rejections have undergone 
significant changes from the rejections that were presented to Appellants in the Final Action of 
March 20, 2007. In particular, the Final Action incorporated by reference the rejections set forth 
in the Office Action dated October 31, 2006, and indicated that the rejections in the October 31, 
2006 Office Action were made final. However, a comparison of the rejections in the October 31, 
2006 Office Action with the rejections set forth in the Examiner's Answer reveals significant 
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differences. By way of example, the rejection of Claim 1 set forth in the October 31, 2006 Office 
Action is set forth in less than two pages and cites to excerpts from five columns of Jacobson. 
In contrast, the rejection of Claim 1 set forth in the Examiner's Answer spans nearly four pages 
and cites to excerpts from eight columns of Jacobson. Thus, to the extent that the arguments in 
Appellants' Appeal Brief do not line up precisely with the rejections as set forth in the Examiner's 
Answer, this is because Appellants are facing a moving target with the Examiner improperly 
changing the rejections during the present appeal. 

Despite the Examiner's efforts to rewrite the "final" rejections during the pendency of this 
appeal, Appellants wish to proceed forward to a decision on the merits. The present application 
has now been pending for nearly seven (7) years, and this is the second time that Appellants have 
taken the application on appeal (the final rejections at issue on the first appeal were withdrawn in 
response to a Pre- Appeal Request for Review). Thus, for the reasons provided in Appellants' 
Appeal Brief, as further reinforced by the arguments presented below, Appellants respectfully 
submit that all of the pending rejections should be reversed, and that the present application 
should be allowed at this time. 

Response to Arguments in the Examiner's Answer 

The remainder of the present reply brief responds to the arguments set forth in the 
Response to Arguments section of the Examiner's Answer. (See Examiner's Answer, Section 10, 
at 15-27). For the reasons discussed below, Appellants respectfully submit that the arguments 
contained in the Examiner's Answer fail to support the rejections of any of the pending claims as 
being unpatentable over U.S. Patent No. 5,548,649 to Jacobson ("Jacobson") in view of U.S. 
Patent No. 6,366,912 to Wallent et al. ("Wallent"). 

I Response to Arguments 10(a), 10(b) and 10(c) 

Sections 10(a), 10(b) and 10(c) on pages 15-17 of the Examiner's Answer respond to 
Appellants' showing at Section ILA of the Appeal Brief that Jacobson does not disclose 
"identifying a security zone that is associated with the one of the plurality of resources" as is 
recited in Claims 1, 14 and 19. Appellants respond to each argument raised by the Examiner as 
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follows. 

The Examiner first argues that Appellants have mischaracterized the language of Claims 
1,14 and 19 because those claims do not recite "identifying a security zone that is associated 
with a resource to which a message is to be sent." However, each of Claims 1,14 and 19 
expressly recite: 

1) "receiving a request originated from a user of a multi-user system to transmit a 
message via the multi-user system over the network to one of the plurality of 
resources " and 

2) "identifying a one of the plurality of security zones that is associated with the one 
of the plurality of resources ." 

Thus, Claims 1, 14 and 19 use antecedent basis (i.e., the term "the one of the plurality of security 
zones" in the second quote above is referring to the "one of the plurality of security zones" in the 
first quote above) to expressly require that "the one of the plurality of security zones" that is 
identified (see quote 2) be the "one of the plurality of resources" for which a request is received 
from a user to transmit a message to that one of the plurality of resources (see quote 1). Thus, 
contrary to the Examiner's argument, the claims do in fact expressly require the identification of a 
security zone that is associated with a resource to which a message is to be sent, and Appellants 
are clearly not reading a limitation from the specification into the claims. Instead, Appellants 
argument is based on the express recitations of Claims 1,14 and 19, which the Examiner has 
ignored in both the rejections of these claims and in the Examiner's Answer. 

The Examiner next argues that Jacobson discloses "identifying a security zone that is 
associated with a resource to which a message is to be sent," because Jacobson allegedly teaches 
that "each of the data packets include source address, destination address (column 1, lines 40-42) 
those [sic] are used to identifying [sic] the secure zones of 'the source devices and destination 
devices' those [sic] are shared functionality with 'resources'." (Examiner's Answer at 15). 
Appellants respectfully submit, however, that while source and destination addresses may 
identify locations in a network, neither the source nor destination addresses of Jacobson identify 
a security zone that is associated with a resource to which a message is to be sent. Moreover, 
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while the Examiner further cites to several additional columns of Jacobson as allegedly teaching 
the "identifying" recitation of Claims 1, 14, and 19, Appellants respectfully submit that a careful 
review of these sections of Jacobson reveals that they simply do not teach or disclose identifying 
a security zone that is associated with a resource to which a message is to be sent. 

Finally, in Section 10(c) of the Examiner's Answer the Examiner purports to respond to 
Appellants' showing that Col. 6, lines 53-65 of Jacobson does not disclose a "method for using 
filter tables which included [sic] in the security zone bridge to identifying [sic] wherefrom 
(security zone hosts) the data packet sent from and whereto (secure zone hosts) the received data 
packets are processed to" as alleged in the Final Action. Notably, the Examiner does not even 
attempt to respond to Appellants detailed showing that none of the filter tables of Jacobson has 
anything to do with identifying a security zone that is associated with a resource . Instead, the 
Examiner's Answer merely states a desired conclusion - namely that a "source IP address 
comprised in data packet [is mapped] with IP addresses of secure zones in identification tables to 
determine if the data packet is authorized to be forwarded to other secure zone network." 
(Examiner's Answer at 16-17). The Examiner's Answer, however, does not even attempt to 
specifically explain where or how Jacobson teaches what the Examiner's Answer claims; instead 
the Examiner's Answer provides a four line string cite to seven different columns and six 
different figures of Jacobson which fail to provide any support for the "conclusion" stated in the 
Examiner's Answer. 

Thus, for each of the above reasons, Appellants respectfully submit that Sections 10(a) 
through 10(c) of the Examiner's Answer fail to rebut Appellants' showing that Jacobson does not 
disclose identifying a security zone that is associated with a resource to which a message is to be 
sent as is recited in Claims 1, 14 and 19. 

IL Response to Argument 10(d) 

Section 10(d) on page 17 of the Examiner's Answer responds to Appellants' showing that 
Jacobson does not disclose "determining if the user of the multi-user system is authorized access 
to the identified one of the plurality of security zones" as recited in Claims 1, 14 and 19. (See 
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Appeal Brief at Section II.B). Appellants respectfully submit that the six columns of Jacobson 
which are cited in support of the examiner's argument simply do not disclose what the 
Examiner's Answer claims these columns disclose. Appellants further note that Appellants' 
Appeal Brief explains in detail why the various tables of Jacobson relied upon in the rejections of 
Claims 1,14 and 19 as allegedly being used to determine if a user of the multi-user system is 
authorized access to an identified one of the plurality of security zones do no such thing. Thus, 
the rejections of Claims 1, 14 and 19 should be reversed for the separate and independent reason 
that Jacobson does not disclose "determining if the user of the multi-user system is authorized 
access to the identified one of the plurality of security zones." 

i IK Response to Arguments 10(e) and 10(f) 

Sections 10(e) and 10(f) on pages 17-19 of the Examiner's Answer respond to Appellants' 
showing that Jacobson does not disclose "forwarding the message from the multi-user system 
over the network only if it is determined that the user is authorized access to the identified one of 
the plurality of security zones" as recited in the last clause of the body of Claims 1, 14 and 19. 
(See Appeal Brief at Section ILC). In the October 31, 2006 Office Action, which is incoiporated 
by reference in the Final Action as setting forth the basis for the final rejections, the Examiner 
took the position that the discussion of the "authorized install/or view request" at Col. 7, lines 1- 
67, Col 8, lines 1-48 and Col. 15, lines 1-15 of Jacobson discloses this recitation of Claim 1. 
(October 31, 2006 Office Action at 4). As this contention is thoroughly rebutted in Appellants' 
Appeal Brief, the Examiner has improperly changed the rejection in the Examiner's Answer. In 
particular, the Examiner now argues that the forwarder 211 of Jacobson determines authorization 
for source IP addresses which allegedly "shares functionality with user identification by 
associating/mapping/sparing the source IP addresses with IP addresses of secure zones in 
identification tables to determine if the source IP address is authorized." (Examiner's Answer at 
1 8). The Examiner, however, does not provide any pinpoint cites to identify where any such 
teaching is located in Jacobson. Appellants respectfully submit that such pinpoint cites are 
lacking because Jacobson does not disclose what the Examiner contends. Instead, as discussed in 
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detail in Section ILB of Appellants' Appeal Brief, the "filter tables" and "identification tables" of 
Jacobson are used for different purposes (e.g., to filter based on protocol types or to determine 
whether encryption is necessary). Thus, the newly identified basis for the rejection set forth in 
the Examiner's Answer is equally unavailing. 

Thus, for each of the above reasons, Appellants respectfully submit that the rejections of 
Claims 1, 7, 9, 14-17, 19-22 and 28 should be reversed. 

IV. Response to Argument 1 0(g) 

In Section II of Appellants' Appeal Brief, Appellants identified several fatal deficiencies 
in the final rejection of Claim 24. Included in these deficiencies is the fact that neither the Office 
Action nor the Final Action explains where the last two clauses of the body of Claim 24 can be 
found in the cited art. In a belated effort to remedy this situation, the Examiner has now r replaced 
the one line rejection of Claim 24 provided in the final rejection with a new 13 line rejection in 
the Examiner's Answer. {Compare October 31, 2006 Office Action at 4 with Examiner's Answer 
at 14). In any event, Appellants respectfully submit that Jacobson fails to disclose or suggest at 
least the "identifying", the "determining" and the "forwarding" recitations of Claim 24 for the 
same reasons that Jacobson does not disclose the corresponding recitations of Claims 1, 14 and 
19. Accordingly, the rejection of Claim 24 should likewise be reversed. 

V. Response to Arguments 10(a) and 10(j) 

In Section 10(i) of the Examiner's Answer, the Examiner first argues that Claim 25 does 
not recite "a first data structure to [sic] mapping the network resources to particular security 
zone" as suggested in Appellants' argument. This argument simply ignores the language of 
Claim 25 and the clear defects with the rejection of Claim 25 identified in the Appeal Brief In 
particular, what Claim 25 recites is a "first data structure that specifies at least one security zone . 
. . that is associated with each of the plurality of networked resources." Thus, Claim 25 makes 
clear that the data structure associates (e.g., maps) each of the network resources to one or more 
security zones, and the Examiner's efforts to argue otherwise are unavailing. 
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The Examiner next argues that the Host ID table of Jacobson maps the IP address of host 
devices 102-3 through 102-7 to particular security zones , citing to Fig. 9 and Col. 7, lines 25-34 
of Jacobson, and that these Host ID tables thus correspond to the "first data structure" of Claim 
25. However, what the cited portions of Jacobson expressly state and show is that the Host ID 
tables map the host devices to a particular security bridge and do not associate or map 
networked resources to particular security zones as does the "first data structure" of Claim 25. 

Finally, in Section 10(j) of the Examiner's Answer the Examiner responds to Appellants' 
showing that the "authorization table" of Figure 12 of Jacobson does not disclose or suggest the 
"second data structure" of Claim 25. (See Appeal Brief at Section III). The Examiner's only 
response to Appellants' showing is to argue that the second data structure of Claim 25 does not 
"specify] the respective security zone to which a user may have access." (Examiner's Answer at 
21). However, contrary to the Examiner's assertion, what Claim 25 expressly recites is "a second 
data structure that specifies the respective security zones to which a plurality of users of the data 
processing device may have access." Thus, the Examiner has failed to put forth any response 
whatsoever to Appellants' showing that the "authorization table" of Figure 12 of Jacobson does 
not disclose or suggest the "second data structure" of Claim 25. 

Thus, the rejection of Claim 25 should be reversed for each of the above reasons. 

VI- Response to Arguments 10(k) and 10(1) 

Sections 10(k) and 10(1) on pages 21-22 of the Examiner's Answer respond to Appellants' 
showing that the rejections of Claims 2-4 are internally inconsistent because the rejection of 
Claim 1 relies on the bridges 104-1 through 104-3 of Jacobson as comprising the multi-user 
system, whereas the rejection of Claims 2-4 (which depend from Claim 1), take the position that 
the hosts 102-1 through 102-12 of Jacobson comprise the "multi-user system." In response, the 
Examiner does not address, or even acknowledge, this inconsistency, but instead states that 
Jacobson discloses mainframe computers that are connected to terminals. As such, the 
Examiner's Answer also fails to rebut Appellants' showing regarding the patentability of Claims 
2-4. 
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VII. Response to Argument 10(m) 

Section 10(m) on page 23 of the Examiner's Answer states that it responds to Appellants 
arguments regarding the rejections of Claims 3 and 4. It is unclear what argument this section is 
responding to, and hence no rebuttal is necessary. 

VIII. Response to Argument 10(n) 

Section 10(n) on pages 23-24 of the Examiner's Answer responds to Appellants' showing 
that the Examiner has failed to provide any basis for rejecting Claims 5,18 and 23. The 
Examiner concedes that Appellants argument is correct, and then attempts to show where the 
recitations of Claims 5, 18 and 23 can allegedly be found in the cited art. However, analysis of 
these newly asserted grounds for rejection show that the cited art fails to teach the recitations of 
Claims 5, 18 and 23. 

For example, Claim 5 recites that "at least one entry in the data structure specifies the 
security zone associated with a group of the resources in the plurality of resources." The 
Examiner's Answer states that the "hosts" of Jacobson may be file servers, and hence it is 
inherent that the remote secure zone Host ID table includes at least one entry specifying the 
security zone associated with a group of resources. However, what Jacobson actually teaches is 
that the remote secure zone host ID table of Jacobson maps the IP address of host devices 102-3 
through 102-7 to their corresponding security bridge 104-2 or 104-3. (Jacobson at Col. 7, lines 
25-33 and Fig. 9). As such, the host ID table maps the host devices to a particular security 
bridge as opposed to mapping networked resources to particular security zones . Thus, the cited 
portions of Jacobson clearly fail to disclose or suggest the first recitation of Claim 5. 

Claim 5 further recites "identifying the one of the plurality of security zones associated 
with the one of the plurality of resources comprises identifying the security zone associated with 
the most specific entry in the data structure that includes the resource." While the Examiner's 
Answer alleges that large portions of Columns 3, 7, 8, 9, 10, 1 1 and 12 and Figs. 1 and 9 of 
Jacobson disclose this recitation of Claim 5, the Examiner's Answer does not even attempt to 
explain how the cited portions of Jacobson teach anything about "identifying the security zone 
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associated with the most specific entry in the data structure." Thus, Claim 5 is clearly 
independently patentable over the cited art for at least two reasons. 

Claims 18 and 23 include similar recitations, and hence are patentable over the cited art 
for the same reasons that Claim 5 is patentable over the cited art. 

IX. Response to Argument 1 0(o) 

Sections 10(o) on pages 24-25 of the Examiner's Answer purports to respond to 
Appellants' argument that the Examiner has failed to show that "the identifying and determining 
steps are performed within the multi-user system" as recited in Claim 6. However, the totality of 
the Examiner's response is to state that these "techniques can also be applied in any environments 
e.g., mainframe computer." (Examiner's Answer at 24-25). This response simply does not 
address Appellants' showing that the rejection of Claim 6 is internally inconsistent. 

X. Response to Arguments 10(q) and 10(r) 

Sections 10(p) and 10(r) on pages 25-26 of the Examiner's Answer purport to respond to 
Appellants' showing that Jacobson does not disclose "the first data structure comprises a mapping 
table that identifies the respective one of the plurality of security zones associated with each of 
the plurality of networked resources" and that "at least some of the entries in the mapping table 
are associated with multiple of the plurality of networked resources" as recited in Claim 26. 
Appellants note that the Examiner's response only addresses a portion of each of the two 
recitations of Claim 26 that Appellants have shown are not disclosed in Jacobson. In particular, 
the first of the above-quoted recitations states that the "the first data structure comprises a 
mapping table . . . The Examiner has simply ignored this portion of Claim 26, because the 
Host ID tables of Jacobson simply do not perform the mapping recited in Claim 26. Moreover, 
the Examiner simply rewrites the second clause of Claim 26 to state that the "tables include a 
plurality of entries" in order to argue that this recitation is taught by J acobson. However, as 
clearly shown above, what Claim 26 in fact recites is that "at least some of the entries in the 
mapping table are associated with multiple of the plurality of networked resources." The 
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Examiner has not and cannot contend that Jacobson teaches or discloses this recitation of Claim 
26. 

XL Response to Second Argument 10(r) 

The second Sections 10(r) on pages 26-27 of the Examiner's Answer purports to respond 
to Appellants 1 showing that Jacobson does not disclose a mapping table that has entries which 
"include wildcard characters to specify multiple of the plurality of networked resources with a 
single entry in the mapping table" as recited in Claim 27. In particular, the Examiner argues that 
the entries of the table in Fig. 10 of Jacobson are "wildcard characters." As is well known to 
those of skill in the art, a "wildcard character" refers to a character that can represent any 
character. Nothing in Jacobson discloses or suggests using such characters. Thus, the 
Examiner's Answer also fails to rebut Appellants' showing that Claim 27 is independently 
patentable over the cited art. 

Xli. Conclusion 

For each of the above reasons, Appellants respectfully submit that the pending claims are 
patentable over the cited art, and respectfully request the present application be passed to 
issuance. 
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